For use with McAfee ePolicy Orchestrator - Knowledge …€¦ · · 2015-11-25For use with McAfee...

Product Guide

Data Center Connectors 3.6.1For use with McAfee ePolicy Orchestrator

COPYRIGHT

Copyright © 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com

TRADEMARK ATTRIBUTIONSIntel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee ActiveProtection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence,McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfeeTotal Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries.Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION

License AgreementNOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETSFORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOUHAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOURSOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR AFILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SETFORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OFPURCHASE FOR A FULL REFUND.

2 Data Center Connectors 3.6.1 Product Guide

http://www.intelsecurity.com

Contents

Preface 5About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Find product documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

1 Introduction 7VM security management made easy . . . . . . . . . . . . . . . . . . . . . . . . . . 7Types of Data Center Connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Cloud Usage Metering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Components and what they do . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

2 Installation 11Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Installing the extension . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Download and install the extensions . . . . . . . . . . . . . . . . . . . . . . . 12Install the extensions through Software Manager . . . . . . . . . . . . . . . . . . 13

Registering cloud accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Register an AWS account . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Register a VMware vCenter account . . . . . . . . . . . . . . . . . . . . . . . 20Registering cloud accounts using Data Center Connector for OpenStack . . . . . . . . . 27Registering cloud accounts using Data Center Connector for Microsoft Azure . . . . . . . 35

3 Queries and reports 43Predefined datacenter queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

View default queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46Create public cloud custom queries . . . . . . . . . . . . . . . . . . . . . . . . . . 47Dashboards and monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Data Center and Public Cloud dashboards . . . . . . . . . . . . . . . . . . . . . 48

Index 55

Data Center Connectors 3.6.1 Product Guide 3

Contents


Preface

This guide provides the information you need to work with your McAfee product.

Contents About this guide Find product documentation

About this guideThis information describes the guide's target audience, the typographical conventions and icons usedin this guide, and how the guide is organized.

AudienceMcAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.

ConventionsThis guide uses these typographical conventions and icons.

Book title, term,emphasis

Title of a book, chapter, or topic; a new term; emphasis.

Bold Text that is strongly emphasized.

User input, code,message

Commands and other text that the user types; a code sample; a displayedmessage.

Interface text Words from the product interface like options, menus, buttons, and dialogboxes.

Hypertext blue A link to a topic or to an external website.

Note: Additional information, like an alternate method of accessing anoption.

Tip: Suggestions and recommendations.

Important/Caution: Valuable advice to protect your computer system,software installation, network, business, or data.

Warning: Critical advice to prevent bodily harm when using a hardwareproduct.


Find product documentationOn the ServicePortal, you can find information about a released product, including productdocumentation, technical articles, and more.

Task1 Go to the ServicePortal at https://support.mcafee.com and click the Knowledge Center tab.

2 In the Knowledge Base pane under Content Source, click Product Documentation.

3 Select a product and version, then click Search to display a list of documents.

PrefaceFind product documentation


https://support.mcafee.com

1 Introduction

The Data Center Connectors help you discover and import your virtual infrastructure using McAfee®

ePolicy Orchestrator (McAfee ePO™). You can also view the virtualization properties and protectionstatus of your virtual machines.

Contents VM security management made easy Types of Data Center Connectors Cloud Usage Metering Components and what they do

VM security management made easyData Center Connectors discover and import both running and stopped machine instances from thecloud accounts to the McAfee ePO server.

• They integrate the management feature of McAfee ePO with the configured public and privateclouds, which host and manage the VMs.

• They synchronize periodically with public and private clouds, and import the VM details to McAfeeePO. The administrator doesn't need to add the cloud assets manually.

• The administrator can choose to deploy the McAfee Agent to discovered instances during thediscovery or after. Then, other McAfee products can be installed on these discovered instances.

• They provide an extensive number of dashboards and queries to monitor the security compliance ofthe cloud assets in real time.

Types of Data Center ConnectorsThe Data Center Connectors are McAfee ePO extensions that discover all VMs in the cloud. These VMsare automatically populated into the McAfee ePO System Tree.

In this document, the term Data Center Connectors describes individual connectors for vSphere, AWS,OpenStack, and Microsoft Azure. The content that refers to the term Data Center Connectors applies toall the connectors. Procedures or other details that are different for vSphere, AWS, OpenStack, andMicrosoft Azure are described in separate sections indicating its individual product name, for example,Data Center Connector for AWS or Data Center Connector for OpenStack.

The Data Center Connector solutions are:

1


• Data Center Connector for AWS

• You can register your Amazon Web Services (AWS) cloud account in McAfee ePO.

• It discovers and imports the VM information from your AWS cloud account and adds it to theMcAfee ePO System Tree.

• It also discovers the EBS volumes from your AWS cloud account. You can use McAfee DataProtection for Cloud to encrypt these volumes. For details, see the product guide of McAfee DataProtection for Cloud.

• Data Center Connector for vSphere

• You can register your VMware vCenter cloud account in McAfee ePO.

• It discovers and imports the VM information from your VMware vCenter cloud account and addsit to the McAfee ePO System Tree.

• Data Center Connector for OpenStack

• You can register your Rackspace, HP, and OpenStack cloud (Generic) accounts in McAfee ePO.

• It discovers and imports the VM information from Rackspace, HP, and OpenStack cloud(Generic) accounts and adds it to the McAfee ePO System Tree.

• Data Center Connector for Microsoft Azure

• You can register your Microsoft Azure and Windows Azure Pack cloud accounts in McAfee ePO.

• It discovers and imports the VM information from your Microsoft Azure and Windows Azure packaccounts and adds it to the McAfee ePO System Tree.

Cloud Usage MeteringYou can now track the usage of AWS and Microsoft Azure cloud VMs using the metering feature.

• You can track the usage of the instances that meet these criteria.

• They are managed by McAfee Agent 4.8 patch 3 or later.

• They are tagged with Metering tag (dc_auto_mtrg).

• Your McAfee ePO version is 4.6.8, 5.1.1, or later.

• The usage of VMs is tracked in number of virtual CPU hours.

Usage hours = Duration between uptime and downtime of McAfee Agent process for an instance.

Virtual CPU usage hours = Usage hours X number of CPU cores.

This example shows the calculation of total VCPU usage hours for a cloud instance.

McAfee Agentuptime(hours)

McAfee Agentdowntime(hours)

Usage hours Number ofCPU cores

Total Virtual CPUusage hours

08:00 13:00 (13:00 hrs – 8:00 hrs)= 5 hours or 300minutes

2 600 minutes or 10hours

• By default the usage of AWS and Microsoft Azure instances are monitored. You can track the usageof other instances by applying the metering tag dc_auto_mtrg.

For details about applying tags, see Apply tags to selected systems in the product guide for yourversion of McAfee ePO.

1 IntroductionCloud Usage Metering


• You can get a monthly report of the VCPU usage hours for all of your cloud instances that aretagged by the metering tag (dc_auto_mtrg). You can see this report from the Public Cloud dashboard.You can create a custom query to retrieve the Usage Metering Report information from Queries and Reports.

See also Create public cloud custom queries on page 47

Components and what they doEach component performs a specific function to discover and manage your VMs.

Amazon Web Services (AWS) — Collection of web services that make up the cloud computingsolution offered by Amazon.

Hypervisor (ESXi) — A virtual operating platform that manages the execution of the guest operatingsystems. They allow multiple operating systems to run concurrently on a hosted system. ESXi areembedded hypervisors for servers that run directly on server hardware, without requiring an additionalunderlying operating system.

VMware vCenter — Console that manages the ESXi servers, which host the guest VMs that requireprotection.

OpenStack Software — An open source platform for building public and private clouds.

Rackspace public cloud — A transparent, enterprise-grade public cloud based on OpenStacktechnology.

HP public cloud — A transparent, enterprise-grade public cloud based on OpenStack technology.

OpenStack cloud (Generic) — A private cloud based on OpenStack technology.

Microsoft Azure — Cloud computing platform and infrastructure for building, deploying, andmanaging applications and services through a global network of Microsoft-managed datacenters.

Windows Azure pack — A collection of Microsoft Azure technologies.

Virtual Machines (VMs) — An isolated guest operating system installation within a normal hostoperating system that supports both virtual desktops and virtual servers.

ePolicy Orchestrator — Management software that allows you to register a cloud account, so thatyou can import your VMs and view them.

McAfee Agent — The client‑side component providing secure communication between McAfee ePOand managed products. It also serves as an updater for managed and unmanaged McAfee products.

Assurance Information Module — Collects the data from the client systems where McAfee productsare installed, and that are managed by McAfee ePO.

McAfee Data Protection for Cloud — Encrypts data to protect it from data theft and data loss. Itconverts the non-encrypted volumes into encrypted volumes exclusively for the cloud volumes ofAmazon Web Services that are discovered, registered, and managed by McAfee ePO.

IntroductionComponents and what they do 1


1 IntroductionComponents and what they do


2 Installation

Before you set up your environment and import your VM information to McAfee ePO, make sure thatyou have your cloud account and its details ready.

You then install the extension and register the cloud accounts in McAfee ePO.

Contents Requirements Installing the extension Registering cloud accounts

RequirementsMake sure that your environment includes these components and that they meet the requirements foryour type of connector.

Component Requirements

Data CenterConnector forvSphere

Software

• McAfee ePO 4.6.8, 4.6.9, 5.1.1, 5.1.2, 5.1.3, 5.3.0, and 5.3.1

• VMware ESXi 5.1, 5.5, 6.0

• VMware vCenter 5.1, 5.5, 6.0

• VMware vSphere Client 5.1, 5.5, 6.0

Guest VM operating system

VMware Tools 5.0 (Patch 1 ESX500-201109402-BG)

For information on the Guest VM operating systems that are supported for VMwarevCenter, see VMware documentation: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1036847

Data CenterConnector forAWS

• McAfee ePO 4.6.8, 4.6.9, 5.1.1, 5.1.2, 5.1.3, 5.3.0, and 5.3.1

• Amazon Web Services account

Data CenterConnector forOpenStack

• McAfee ePO 5.1.1, 5.1.2, 5.1.3, 5.3.0, and 5.3.1

• Rackspace account or HP account or OpenStack cloud (Generic) account

Data Center Connector for OpenStack supports Havana and Junos releases ofOpenStack.

Data CenterConnector forMicrosoft Azure

• McAfee ePO 5.1.1, 5.1.2, 5.1.3, 5.3.0, and 5.3.1

• Microsoft Azure account or Windows Azure Pack

2


http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1036847

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1036847

For details about system requirements and instructions for setting up the McAfee ePO environment,see the installation guide for your version of McAfee ePO.

Installing the extensionYou have two methods to install the connector extensions.

• Download and install the extensions.

• Install the extensions through Software Manager.

Download and install the extensionsYou must download and install the product extension for your connector on the McAfee ePO server tobe able to discover the VM information and import it to the System Tree.

From the McAfee download site (http://www.mcafee.com/us/downloads/), download the package foryour type of connector.

Connector Suite Package

Data Center Connectorfor vSphere

McAfee Server SecurityAdvanced

McAfee Server SecurityEssentials

vSphere_Ext_3.6.1.zip

Data Center Connectorfor AWS

McAfee Public Cloud ServerSecurity or


Public_Cloud_Security_ePO_4.6.x.zipPublic_Cloud_Security_ePO_5.x.zip


Public_Cloud_Security_Essentials_ePO_4.6.x.zipPublic_Cloud_Security_Essentials_ePO_5.x.zip

Data Center Connectorfor Microsoft Azure

McAfee Public Cloud ServerSecurity or


Public_Cloud_Security_ePO_5.x.zip


Public_Cloud_Security_Essentials_ePO_5.x.zip

Data Center Connectorfor OpenStack

McAfee Server SecurityAdvancedMcAfee Server SecurityEssentials

OPENSTACK_Ext_3.6.1.zip

McAfee Public Cloud Server Security and McAfee Server Security Advanced suites

When you install Public_Cloud_Security_ePO_5.x.zip, all these extensions are installed and packagesare checked in to your McAfee ePO server for these products:



• McAfee Data Protection for Cloud

2 InstallationInstalling the extension


http://www.mcafee.com/us/downloads/

• Cloud Usage Metering

• Assurance Information Module

McAfee Server Security Essentials suite

When you install Public_Cloud_Security_Essentials_ePO_5.x.zip, all these extensions are installed andpackages are checked in to your McAfee ePO server for these products:



• Cloud Usage Metering

• Assurance Information Module

TaskFor details about product features, usage, and best practices, click ? or Help.

1 Log on to the McAfee ePO server as an administrator.

2 Select Menu | Software | Extensions | Install Extension.

3 Browse to and select the extension file for your type of connector, then click OK.

• McAfee ePO 5.1.x

The software deployment packages are automatically checked in to your McAfee ePO MasterRepository.

• McAfee ePO 4.6.x and Data Center Connector for AWS

1 Unzip Public_Cloud_Security_ePO_4.6.x.zip and install the extensionPublic_Cloud_Security_Extensions_ePO_4.6.x.zip.

2 Unzip Public_Cloud_Security_Essentials_ePO_4.6.x.zip and install the extensionServer_Security_Essentials_Extensions_ePO_4x.zip.

3 Check in the software deployment .zip packages to your McAfee ePO 4.6.x Master Repository.For details, see the product guide for your version of McAfee ePO.

4 Click OK.

You can install the Help extension for connectors (help_cce_361.zip) in the same way.

Install the extensions through Software ManagerThe Software Manager eliminates the need to access the McAfee Product Download website to obtainnew McAfee software. Use McAfee ePO Software Manager to install the connector extensions.



2 Select Menu | Software, then click Software Manager.

3 From the Product Categories list, select the connector extensions from Software (By Label) | Endpoint Security| Management Extension, then click Check in.

The connector extensions are installed through the Software Manager.

InstallationInstalling the extension 2


Registering cloud accountsYou must register cloud accounts with McAfee ePO to establish a connection to the McAfee ePO server.McAfee ePO then discovers, imports, and displays the VM information under the System Tree.

For your type of connector, you can register these cloud accounts.

Type of connector Cloud account

Data Center Connector for AWS AWS

Data Center Connector for vSphere VMware

Data Center Connector for OpenStack Rackspace or HP or OpenStack cloud (Generic)

Data Center Connector for Microsoft Azure Microsoft Azure or Windows Azure Pack

Register an AWS accountUsing Data Center Connector for AWS, register an AWS account with McAfee ePO so that McAfee ePOcommunicates with the AWS cloud.

Before you begin• Make sure that you have your AWS account and its details ready.

• AWS users must have an access key ID and a secret access key set up for them in theAWS console.

• AWS users must have at least read-only permissions for the EC2 (Elastic CloudCompute) web service. For more information, see Create a read-only AWS group andAssign read-only AWS group to the user.

• If you are using McAfee Data Protection for Cloud, you need additional permissions forencrypting the data volumes attached to instances. For using power user permissions,see this McAfee KnowledgeBase article: KB83814. For using minimum requiredpermission, see this McAfee KnowledgeBase article: KB85207.

The Registered Cloud Accounts option is available only after installing the Data Center Connector extension.



2 Select Menu | Configuration | Registered Cloud Accounts, then click Actions | Add Cloud Account to open the AddCloud Account page.

2 InstallationRegistering cloud accounts


https://kc.mcafee.com/corporate/index?page=content&id=KB83814

https://kc.mcafee.com/corporate/index?page=content&id=KB85207

3 From the Choose Connector drop-down list on the Description page, select Amazon Web Service, then click OKto open this page.

4 On the AWS account details page, type these details:

• Name — Type a name for the AWS account in McAfee ePO. Account names can include charactersa-z, A–Z, 0–9, and [_.-], without space.

• Access Key Id — Type the access key ID used by AWS connector to log on to AWS.

• Secret Access Key — Type the secret access key used by AWS connector to log on to AWS.

Each user can be configured to have an Access Key ID and Secret Access key in the AWSconsole. For details, see Create an AWS user.

• Tags — List of McAfee ePO tags that are applied on VMs discovered for this AWS account. Tagname can include characters a-z, A–Z, 0–9, and [_.-], with space. For details about Tag usage,see the product documentation for your version of McAfee ePO.

• Sync interval (In Minutes) — Specify the interval for McAfee ePO to AWS synchronization.

5 Enable the GovCloud option if the AWS account belongs to the AWS GovCloud (US) region. For otherusers, leave it deselected.

6 Click Validate Parameters to validate the account details and verify the connection to the AWS cloud.

InstallationRegistering cloud accounts 2


7 (Optional) Deploy McAfee Agent to the registered VMs, select Auto deploy Mcafee Agent on VMs, and typethe credentials to deploy the McAfee Agent package.

Make sure that the McAfee ePO server and the VMs in the AWS cloud can communicate with eachother.

8 Click Save to register the cloud account.

This action registers the AWS cloud and imports all discovered VMs, which are unmanaged, into theSystem Tree. The instances are imported with the structure and hierarchy of the AWS cloud.

The VMs that are already added and managed by McAfee ePO are retained with the existing policysettings. The connector adds the virtualization properties for these VMs.

9 View the imported VMs: select Menu | Systems | System Tree in McAfee ePO.

After the discovery, you can find your AWS account under the group AWS. The virtual machines fromAWS are logically grouped with the hierarchy AWS | Cloud account name | Region | Avalibilty zone | instances.

If you create a custom group below the AWS account group and move an availability zone to that group,then this change is not preserved. After the subsequent sync, the availability zone is restored to itsoriginal location and an empty group with the same name will remain in the custom group. All VMsunder this group are moved to their original position. However, if you need to create a custom group,you can do it above your AWS account so that the availability zones remain in their position.

Tasks• Create an AWS user on page 19

On the Amazon Web Services management console, create an AWS user with Access KeyID and Secret Access Key configured.

• Create a read-only AWS group on page 19Create read-only AWS account on the Amazon Web Services management console so thatyou can register AWS account with McAfee ePO.

• Assign read-only AWS group to the user on page 20Assign read-only permissions to the user on the Amazon Web Services managementconsole, so that you can register AWS account with McAfee ePO.



Registered AWS account detailsAfter configuring and registering the AWS account with McAfee ePO, the account details of theregistered AWS accounts are displayed in McAfee ePO.

Property Description

Name Name of the AWS account.

Type Type of Data Center Connector.

Last Successful Sync Displays the date and time when the last successful synchronization betweenMcAfee ePO and AWS occurred.

Last Sync Status Displays the last synchronization status, including Sync Scheduled, Success, In Progress,and Failure. Hover your mouse over this property to know the start and end times ofyour account synchronization. If your account synchronization is in progress, youcan see the sync start time.

Total VMs Displays the number of VMs discovered for this account.

Running VMs Displays the number of VMs that are up and running in this account.

Managed VMs Displays the number of VMs that are managed by McAfee ePO.

Auto Deploy MA Specifies if the administrator has enabled the Auto deploy McAfee Agent task for theregistered AWS account.

Tags Displays the tags of the VMs.

Actions You can edit, delete, and synchronize the AWS account using McAfee ePO.

When you delete an account, you have these options:

• Delete System Tree group corresponding to this account — Deletes all virtualmachines and groups from this account.

• Delete Tags — Deletes the McAfee ePO tags for this account.

If you do not select any of these options, this action deletes only theaccount details.

You can retrieve the details of the registered Data Center by running the Data Centers query under Menu |Reporting | Queries and Reports | McAfee Groups | Data Center.

You can use the Automatic Responses feature of McAfee ePO to log events in the Audit Log. You canalso configure automatic email responses, if there are any synchronization status changes for any cloudaccount. From Menu | Automation | Automatic Responses, you can select Cloud Account Sync Failure Event or CloudAccount Sync Success Event to trigger an action. Your response can include these actions Create issue or SendEmail. For details about automatic responses, see Events and Responses in the product guide for yourversion of McAfee ePO.

Virtual machine detailsAfter importing the discovered VMs from the cloud accounts, the VM details are displayed in theSystem Tree.

To distinguish VMs imported by the connector from other systems in the System Tree, check for the tagsof the system. The VMs imported by this connector are tagged dc_vm_auto.


System Name Displays the name of the VM.

Managed State Specifies if the system is managed by McAfee Agent.

Tags Displays the tag applied to this VM.

IP Address Displays the IP address of the VM.




User Name Displays the user name of the user logged on to the system.

Last Communication Displays the time of the last synchronization.

You can view more details of the AWS account by selecting and adding the required column using theChoose Columns option under System Tree | Actions. By default, these columns don't appear under SystemTree.


Vendor Name Displays the name of the cloud vendor.

Account Name Displays name of the cloud account.

Unique ID Displays the Unique id of the instance.

Power Status Displays if the instance is turned on or off.

Instance ID Displays the unique value provided to the instance from AWS.

Instance Name Displays the instance name as shown on AWS console.

Image ID Displays the unique value of amazon machine image with which the instance wascreated.

Private DNS name Displays the private DNS name from AWS.

Public DNS name Displays the Public DNS name from AWS.

State Transition Reason Displays the reason for the instance to move from one state to another from theAWS console.

Key Name Displays the key name of the instance, which is provided during the launch.

Instance Type Displays the hardware configuration selected for an instance during the launch.

Launch Time Displays the time the instance is launched in AWS.

Availability Zone Displays the region where the instance is created in AWS.

Platform Specifies whether the platform is Microsoft Windows or Linux.

Private IP Address Displays the private IP address from AWS.

Public IP Address Displays the public IP address from AWS, are accessed by McAfee ePO.

VPC ID Displays the Amazon Virtual Private cloud ID.

MAC Address Displays the MAC address of an Instance in Amazon Virtual private cloud.

Architecture Provides details about the hardware specifications of the processor. For example,x86_64, i386.

Virtualization Type Displays the vitualization type of VM like HVM and paravitualization.

Tags Displays the tags of the VMs.

Security Groups Displays the security group details where the instance is linked in AWS.

Network Interfaces Displays details about all network interfaces associated to the EC2 instance

You can view the virtualization properties of the selected virtual machine by navigating to Menu |Systems | System Tree and double-clicking the target virtual machine.



Create an AWS userOn the Amazon Web Services management console, create an AWS user with Access Key ID andSecret Access Key configured.

Task1 Log on to your Amazon Web Services management console.

2 From the Users section, click Create User.

3 Type a name for the user and select Generate an access key for each User.

4 Click Create.

5 Click Download Credentials and save the CSV file. These credentials contain both the Access Key ID andthe Secret Access Key.

Create a read-only AWS groupCreate read-only AWS account on the Amazon Web Services management console so that you canregister AWS account with McAfee ePO.

Task1 Log on to your Amazon Web Services management console.

2 Load the Identity and Access Management (IAM) dashboard.



3 Under the Groups section, select Create New Group.

4 Enter a name for the group and go to next step.

5 Select the Read Only Access policy template for the group.

6 Go to next step and select Create Group.

Assign read-only AWS group to the userAssign read-only permissions to the user on the Amazon Web Services management console, so thatyou can register AWS account with McAfee ePO.

Before you begin• You must have the required user created. For details, see Create an AWS User.

• You must have created a read-only AWS group. For details, see Create a read-only AWSgroup.

Task1 From the Users section, select the user, then from User Actions, click Add User to Groups.

2 Select the read-only AWS Group, then click Add to Groups.

Register a VMware vCenter accountUsing Data Center Connector for vSphere, register a VMware vCenter account with McAfee ePO so thatMcAfee ePO communicates with the VMware vCenter, which manages the ESXi servers.

Before you beginMake sure that you have configured your VMware vCenter server that manages the ESXiservers, which host the guest VMs.

The Registered Cloud Accounts option is available only after installing the Data Center Connector extension.



2 Select Menu | Configuration | Registered Cloud Accounts, then click Add Cloud Account to open the Add CloudAccount page.



3 From the Choose Connector drop-down list on the Description page, select VMware vSphere, then click OK.

4 On the vCenter Account Details page, type these details:

• Account Name — A name for the VMware vCenter account in McAfee ePO. Account names caninclude characters a–z, A–Z, 0–9, and [_.-], without space.

• Server Address — (Required) IP address or the host name of the available VMware vCenter.

• vCenter Username — (Required) User name of the available VMware vCenter account.

• This user's minimum role can be read-only.

• This user can be a domain account.

• This user can also be a Single-Sign-On (SSO) user. The default user name of the SSO user isadmin@system-domain.

• vCenter Password — (Required) Password of the available VMware vCenter account.

• Connection protocol — The protocol required to establish the connection with the VMware vCenter.

• Sync Interval (In Minutes) — Specify the time interval for running subsequent vCenter discovery.

The default value is 5 minutes.

• Port No — The port number required to establish the connection with the available VMwarevCenter.

• Tag — This is given by the admin to identify the VMs. Tag name can include characters a–z, A–Z,0–9, and [_.-], with space.

5 Click Test Connection to validate VMware vCenter account details and verify the connection to theVMware vCenter, then click Next to open the vCenter Summary page.

The summary page has vCenter, vCNS and NSX summary.



6 Click Finish, then click OK on the confirmation page.

This action registers the VMware vCenter and imports all discovered virtual machines, which areunmanaged, into the McAfee ePO System Tree. The instances are imported with the similarstructure and hierarchy present in VMware vCenter.

The virtual machines that are already added and managed by McAfee ePO are retained with theexisting policy settings, but the virtualization properties for these machines are added.


After the discovery, you can find your vCenter account under the group vSphere. The clusters and hostsfrom vCenter are logically grouped under each Data Center group in McAfee ePO.

Registered vCenter detailsAfter configuring and registering the VMware vCenter account with McAfee ePO, the account details ofthe registered vCenter are displayed in McAfee ePO.


Name Name of the vCenter that you registered in McAfee ePO.

Type Type of Data Center Connector.

Last Successful Sync Displays the date and time when the last synchronization between McAfee ePO andVCenter occurred.

Last Sync Status Displays the synchronization status, including Sync Scheduled, Success, In Progress, andFailure. Hover your mouse over this property to know the start and end times ofyour account synchronization. If your account synchronization is in progress, youcan see the sync start time.

Total VMs Displays the number of VMs that are available under the registered vCenter.

Running VMs Displays the number of VMs that are up and running under the registered vCenter.

Managed VMs Displays the number of VMs that are managed by McAfee ePO.




Auto Deploy MA Specifies if the administrator enabled the Auto deploy McAfee Agent task for theregistered vCenter account. Not available in this version.

Actions You can edit, delete, and synchronize the vCenter account using McAfee ePO.

When you delete an account, you can select these options:

• Delete System Tree group corresponding to this account — Deletes all virtualmachines and groups from this account.


If you do not select any of these options, this action deletes only theaccount details.

You can retrieve and view the details of the registered data center by running the Data Centers queryunder Menu | Reporting | Queries and Reports | McAfee Groups | Data Center.







Tags Displays the tag applied on this VM.




You can view more details of the vCenter account by selecting and adding the required column usingthe Choose Columns option under System Tree | Actions. By default, these columns don't appear under SystemTree.




Unique ID Displays the unique ID of the instance.

Power Status Displays if the instance is powered on or off.

VM Name Displays the VM name of the instance as given in vCenter.

DNS Name Displays the DNS name of the instance.

Domain Name Displays the Domain of the instance.




System IP Address Displays the IP address of the instance.

Guest OS Displays the guest operating system of the instance.

Number of vCPU Displays the number of vSPhere CPUs associated with the VM.

Memory Size Displays the memory size of the VM.

VMware Tool Status Displays the status of the VM tool on a VM. For host, the status appears asN/A.

VMware Tool Version Displays the version of the VM tool.

Agentless Anti-MalwareProtection Status

Displays the McAfee MOVE AV Agentless protection status of the client VM:• On — The VM is protected.

• Off — The VM is not protected.

• Unknown — The protection status is not known.

You can view these protection properties only after installing the McAfeeMOVE AV Agentless extension.

Host Displays the host details like IP address of the VM. If the host is selected,the status appears as N/A.

MOR ID Displays the unique identifier given by vCenter to a VM.

UUID Displays the unique ID of the VM.



You can view the virtualization properties of the selected virtual machine by navigating to Menu |Systems | System Tree and double-clicking the target virtual machine.

You can view the virtualization properties of the selected hypervisor by navigating to Menu | Systems |System Tree and double-clicking the target hypervisor.




Unique ID Displays the unique ID of the instance.

Power Status Displays if the instance is powered on or off.

VMM Trust Status For details, see the product documentation for McAfee® Boot Attestation Service.

Firmware Trust Status For details, see the product documentation for McAfee Boot Attestation Service.

SVA Deployed Displays the SVA deployment status for host and VM:• Yes — SVA is deployed to host.

• No — SVA is not deployed to host.

• N/A — For VM.

DNS name Displays the DNS name of the hypervisor.




Domain name Displays the Domain name of the hypervisor.

System IP Displays the IP address of the hypervisor.

Memory Size Displays the memory size of the hypervisor.

Processor Type Displays processor type of the hypervisor.

CPU Cores Displays the number of CPU cores.

Model Displays the model of the physical server.

Manufacturer Displays the manufacturer of the physical server.

Number of NICs Displays the number of network interface cards.

ESX info Displays the ESX hypervisor version.

VM Count Displays the number of VM's.

vMotion Enabled Displays if the VM's can be moved from one hypervisor host to another.

Connection State Displays the connection state of the hypervisor.

Computer Name Displays the computer name of the hypervisor.

BIOS Version Displays the BIOS version of the hypervisor.

MOR-ID Displays the unique identifier given by vCenter to the hypervisor.

Cluster ID Displays the ID of the cluster.

UUID Displays the unique ID of the hypervisor.




Data Stores Displays the repository for storing VM files.

Networks Displays the network interfaces of hosts or VM.

Registering cloud accounts using Data Center Connector forOpenStackYou can register Rackspace, HP, and OpenStack cloud (Generic) accounts using Data Center Connectorfor OpenStack.

Register a Rackspace accountUsing the Data Center Connector for OpenStack, register a Rackspace account so that McAfee ePOcommunicates with the Rackspace cloud.

Before you beginMake sure that you have your Rackspace account and its details ready.

The Registered Cloud Accounts option is available only after installing the Data Center Connector forOpenStack extension.





2 Select Menu | Configuration | Registered Cloud Accounts, then click Actions | Add Cloud Account.

3 From the Choose Connector drop-down list, select Rackspace Public Cloud, then click OK to open this page.

4 On the Rackspace public cloud account details page, type these details:

• Name — A name for the Rackspace account in McAfee ePO. Account names can includecharacters a–z, A–Z, 0–9, and [_.-], without space.

• Identity Service Endpoint — The URL of the account.

The endpoint is prepopulated. Don't change the endpoint URL unless confirmed by the cloudprovider.

• User Name — The user name of the account.

• Password — The password of the account.



• Tags — List of McAfee ePO tags that are applied to VMs discovered for this Rackspace cloudaccount. Tag name can include characters a–z, A–Z, 0–9, and [_.-], with space. For detailsabout tag usage, see the product documentation for your version of McAfee ePO.

• Sync interval (in Minutes) — Specify the interval for McAfee ePO to synchronize with the Rackspacecloud.

The default value is 5 minutes. The maximum value is 525,600 minutes.

5 Click Validate Parameters to validate the account details and verify the connection to the Rackspacecloud.

6 (Optional) Deploy McAfee Agent on the registered VMs, select Create McAfee Agent deployment task , thentype the credentials to deploy the McAfee Agent package.

Make sure that the McAfee ePO server and the VMs in the Rackspace cloud can communicate witheach other. Check the firewall settings for the machines in the cloud. For Linux VMs, SSH port (22)must be accessible. See the product documentation for your version of McAfee Agent.


This action registers the Rackspace cloud and imports all discovered VMs, which are unmanaged,into the System Tree. The instances are imported with the structure and hierarchy of the Rackspacecloud.



After the discovery, you can find your Rackspace account under the group Rackspace. The VMs fromeach Rackspace account are logically grouped under different geographical zones in McAfee ePO.

Register an HP accountUsing Data Center Connector for OpenStack, register an HP account, so that McAfee ePOcommunicates with the HP cloud.

Before you beginMake sure that you have your HP account and its details ready.







3 From the Choose Connector drop-down list, select HP Public Cloud, then click OK.

4 On the HP public cloud account details page, type these details:

• Name — A name for the HP account in McAfee ePO. Account names can include characters a–z,A–Z, 0–9, and [_.-], without space.


The endpoint is prepopulated. Don't change the endpoint URL unless confirmed by the cloudprovider.

• User Name — The user name of the account in the format Project name:user logon. For example,project1:Admin.




• Tags — List of McAfee ePO tags that are applied to VMs discovered for this HP cloud account. Tagname can include characters a–z, A–Z, 0–9, and [_.-], with space. For details about tag usage,see the product documentation for your version of McAfee ePO.

• Sync interval (in Minutes) — Specify the interval for McAfee ePO to synchronize with the HP cloud.


5 Click Validate Parameters to validate the account details and verify the connection to the HP cloud.

6 (Optional) Deploy McAfee Agent on the registered VMs, select Create McAfee Agent deployment task andtype the credentials to deploy the McAfee Agent package.

Make sure that the McAfee ePO server and the VMs in the HP cloud can communicate with eachother. Check the firewall settings for the machines in the cloud. For Linux VMs, SSH port (22) mustbe accessible. See the product documentation for your version of McAfee Agent.


This action registers the HP cloud and imports all discovered VMs, which are unmanaged, into theSystem Tree. The instances are imported with the structure and hierarchy of the HP cloud.



After the discovery, you can find your HP account under the group HP. The VMs from each HP accountare logically grouped under different geographical zones in McAfee ePO.

Register an OpenStack cloud (Generic) accountUsing Data Center Connector for OpenStack, register an OpenStack cloud (Generic) account so thatMcAfee ePO communicates with the OpenStack (Generic) cloud.

Before you beginMake sure that you have your OpenStack cloud (Generic) account and its details ready. TheOpenStack account is termed as generic because you can provide the URL of theOpenStack implementation under Identity Service Endpoint and configure the cloud account.







3 From the Choose Connector drop-down list, select OpenStack Cloud (Generic), then click OK.

4 On the OpenStack Cloud (Generic) account details page, type these details:

• Name — A name for the Rackspace account in McAfee ePO. Account names can includecharacters a–z, A–Z, 0–9, and [_.-], without space.


• User Name — The user name of the account in the format Project name:user logon. For example,Project1:admin.




• Tags — List of McAfee ePO tags that are applied to VMs discovered for this cloud account. Tagname can include characters a-z, A–Z, 0–9, and [_.-], with space. For details about tag usage,see the product documentation for your version of McAfee ePO.

• Sync interval (in Minutes) — Specify the interval for McAfee ePO to synchronize with the cloud.


5 Click Validate Parameters to validate the account details and verify the connection to the cloud.


Make sure that the McAfee ePO server and the VMs in the OpenStack cloud (Generic) cancommunicate with each other. Check the firewall settings for the machines in the cloud. For LinuxVMs, SSH port (22) must be accessible. See the product documentation for your version of McAfeeAgent.


This action registers the OpenStack cloud (Generic) and imports all discovered VMs, which areunmanaged, into the System Tree. The instances are imported with similar structure and hierarchy ofthe cloud.



After the discovery, you can find your OpenStack cloud (Generic) account under the group OpenStack.The VMs from OpenStack cloud (Generic) are logically grouped under different zones in McAfee ePO.

Registered account details for HP, Rackspace, and OpenStack genericAfter configuring and registering the cloud account with McAfee ePO, the account details of theseregistered cloud accounts are displayed in McAfee ePO.


Name Name of the cloud account.

Type Type of the cloud account: HP Public Cloud, Rackspace Public cloud, or OpenStack generic.

Last Successful Sync Displays the date and time when the last successful synchronization betweenMcAfee ePO and the cloud account occurred.




Managed VMs Displays the number of VMs that McAfee ePO manages.




Auto Deploy MA Specifies if the administrator has enabled the Auto deploy McAfee Agent task for theregistered account.

Tags McAfee ePO tag that is applied on the VM.

Actions You can edit, delete, and synchronize the cloud accounts using McAfee ePO.


• Delete System Tree group corresponding to this account — Deletes all VMs andgroups from this account.


If you don't select any of these options, then this action deletes only theaccount details.

You can retrieve the details of the registered data center by running the Data Centers query under Menu |Reporting | Queries and Reports | McAfee Groups | Data Center.










You can view more details of the cloud accounts by selecting and adding the required columns usingthe Choose Columns option under System Tree | Actions. By default, these columns don't appear under SystemTree.


Availability Zone Displays the region where the instance is created.

Image ID Displays the unique value provided to the instance from the cloud account.

Instance ID Displays the unique value provided to the instance from the cloud account.

Instance Type Displays the hardware configuration selected for an instance during the launch.

Key Name Displays the key name, which is provided during the launch of the instance.

Launch time Displays the time when the instance is launched in the cloud account.


Private IP address Displays the private IP address from the cloud account.




Public IP Address Displays the public IP address from the cloud account.

Tags Displays the tags of the systems on McAfee ePO.

Hypervisor Name Displays the DNS name of the Hypervisor host.

Hypervisor Version Displays the version of the Hypervisor.

Hypervisor Type Displays the type of the Hypervisor.

You can view the virtualization properties of the selected VM by navigating to Menu | Systems | SystemTree. Double-click the target VM and click the Virtualization tab.

Registering cloud accounts using Data Center Connector forMicrosoft AzureYou can register Microsoft Azure and Windows Azure Pack cloud accounts using Data Center Connectorfor Microsoft Azure.

Register Microsoft Azure accountUsing Data Center Connector for Microsoft Azure, register a Microsoft Azure account with McAfee ePOso that McAfee ePO communicates with the Azure cloud.

Before you beginMake sure that you have Microsoft Azure account and its details ready.

The Registered Cloud Accounts option is available only after installing the Data Center Connector forMicrosoft Azure extension.






3 From the Choose Connector drop-down list, select Microsoft Azure, then click OK.

4 On the Azure Public Cloud account details page, type these details:

• Name — A name for the Azure account in McAfee ePO. Account names can include characters a–z, A–Z, 0–9, and [_.-], without space.

• Azure Endpoint — The URL of Microsoft Azure endpoint.

The endpoint is pre-populated. Do not change the endpoint URL unless confirmed by the cloudprovider.

• Subscription ID — Type your subscription id.

• Keystore (JKS/PFX) containing private key of management certificate— Upload your JKS/PFX certificate.

• Keystore Password — Type the password you specified for the JKS/PFX file.



• Tags — List of McAfee ePO tags that are applied to VMs discovered for this cloud account. Tagname can include characters a–z, A–Z, 0–9, and [_.-], with space. For details about tag usage,see the product documentation for your version of McAfee ePO.






This action registers the Microsoft Azure cloud account and imports all discovered VMs, which areunmanaged, into the System Tree. The instances are imported with the structure and hierarchy of theAzure cloud.



After the discovery, you can find your account under the group Azure. The VMs from each azureaccount are logically grouped under different geographical zones in McAfee ePO.

Register Windows Azure PackUsing Data Center Connector for Microsoft Azure, register a Windows Azure Pack account with McAfeeePO so that McAfee ePO communicates with the cloud.

Before you beginMake sure that you have Windows Azure Pack account and its details ready.

The Registered Cloud Accounts option is available only after installing the Data Center Connector forMicrosoft Azure extension.






3 From the Choose Connector drop-down list, select Windows Azure Pack, then click OK.

4 On the Windows Azure Pack account details page, type these details:

• Name — A name for the Azure account in McAfee ePO. Account names can include characters a–z, A–Z, 0–9, and [_.-], without space.

• Azure Pack Hostname/IP — Type the hostname of the tenant API endpoint.

McAfee ePO server should be able to resolve the hostname to IP address.

• Subscription ID — Type your subscription ID.

• Keystore (JKS/PFX) containing private key of management certificate— Upload your JKS /PFX certificate.

• Keystore Password — Type the password you specified for the JKS/PFX file.

• Tags — List of McAfee ePO tags that are applied to VMs discovered for this cloud account. Tagname can include characters a–z, A–Z, 0–9, and [_.-], with space. For details about tag usage,see the product documentation for your version of McAfee ePO.








This action registers the Windows Azure Pack account and imports all discovered VMs, which areunmanaged, into the System Tree. The instances are imported with the structure and hierarchy of theAzure cloud.



After the discovery, you can find your HP account under the group AzurePack. The VMs from each Azureaccount are logically grouped under different geographical zones in McAfee ePO.

Registered Account details for Azure and Windows Azure PackAfter configuring and registering the cloud account with McAfee ePO, the account details of theseregistered cloud accounts are displayed in McAfee ePO.


Name Name of the cloud account.

Type Type of the cloud account: Microsoft Azure, Windows Azure Pack.

Last Successful Sync Displays the date and time when the last successful synchronization betweenMcAfee ePO and the cloud account occurred.




Managed VMs Displays the number of VMs that McAfee ePO manages.

Auto Deploy MA Specifies if the administrator has enabled the Auto deploy McAfee Agent task for theregistered account.




Tags McAfee ePO tag that is applied on the VM.

Actions You can edit, delete, and synchronize the cloud accounts using McAfee ePO.


• Delete System Tree group corresponding to this account — Deletes all VMs andgroups from this account.


If you don't select any of these options, then this action deletes only theaccount details.

You can retrieve the details of the registered data center by running the Data Centers query under Menu |Reporting | Queries and Reports | McAfee Groups | Data Center.











You can view more details of the cloud accounts by selecting and adding the required columns usingthe Choose Columns option under System Tree | Actions. By default, these columns don't appear under SystemTree.

For Azure Public cloud you can choose these columns


Created Time Displays the time when the instance is created.

Image ID Displays the unique value provided to the instance from the cloud account.


Instance Size Displays the hardware configuration selected for an instance during the launch.

IP Address Displays the IP address from the cloud account.

Last Modified Time Displays the time when the instance was last modified in the cloud account.




Location Displays the location of the instance.


Public DNS Displays the public DNS name from the cloud account.

Virtual IP Address Displays the virtual IP address of the instance.

For Windows Azure Pack you can choose these columns.


Architecture Provides details about the hardware specifications of the processor.

Capability Profile Displays the Hypervisor details.

CPU Type Displays the CPU type of the instance.

Created Time Displays the time when the instance was created.


Instance Size Displays the hardware configuration selected for an instance during the launch.

IP Address Displays the IP address from the cloud account.

Last Modified Time Displays the time when the instance was last modified in the cloud account.


Source Object Type Displays the template used to create the instance.

Virtualization Platform Displays the Hypervisor details.

VM Name Displays the name of the VM.

You can view the virtualization properties of the selected VM by navigating to Menu | Systems | SystemTree. Double-click the target VM and click the Virtualization tab.



3 Queries and reports

With the Data Center Connectors, you can quickly generate a summary view of all registered DataCenters.

The predefined queries and dashboards provide out‑of‑the‑box functionality, because they are added toyour McAfee ePO server when the software is installed. You can configure these queries to displayresults in charts or tables, which you can use as dashboard monitors. Query results can be exported toseveral formats, which you can download or send as an attachment to an email message.

You can view the list of predefined queries for the Data Centers from Queries and reports | McAfee Groups |Data Center.

You can view the list of predefined queries for the public cloud accounts from Queries and reports | McAfeeGroups | Public Cloud.

Contents Predefined datacenter queries Create public cloud custom queries Dashboards and monitors

Predefined datacenter queriesYou can use predefined queries as is, edit them, or create queries from events and properties stored inthe McAfee ePO database.

You can't edit predefined queries in McAfee ePO 5.1.1 and later.

To create custom queries, your assigned permission set must include the ability to create and editprivate queries.

3


Datacenter provides these predefined queries:

Query Definition

Anti-malware Status Specifies whether the system is in one of these states:• Application Control Enabled — These VMs have McAfee® Application Control installed

and enabled.

• Only Anti-Virus Enabled — These VMs have a McAfee anti-malware product installedand enabled.

• Unprotected — These VMs don't have any McAfee anti-malware product enabled.

ApplicationReputation

Categorizes the applications based on McAfee® Global Threat Intelligence™ (McAfeeGTI) file reputation:• Good

• Bad

• Unclassified

For details about file reputation, see the product documentation for McAfeeApplication Control.

AV Protection byProduct

Displays the anti-virus protection status of McAfee products.

Security Incidents(last 14 days)

Displays the events reported for these components on the VMs in the last 14 days.• Application Control

• Antivirus

• Firewall

• Memory Protection

Data Centers Displays all registered datacenters.

File IntegrityMonitoring Status

Displays the number of VMs with File Integrity Monitoring (FIM) installed andenabled.For details about FIM, see the product documentation for McAfee® Change Control.

Host Firewall Status Specifies whether the system is in one of these two states:• Firewall Enabled — These VMs have McAfee® Host Intrusion Prevention (McAfee

Agent-based) installed.

• Not in use — These VMs don't have McAfee Host Intrusion Prevention (McAfeeAgent-based) installed.

OS Distribution The OS Type shows the template value selected while creating the VMs. However, itmight not be the actual operating system installed on the VM.

Boot AttestationStatus ofHypervisors

Displays the boot attestation status of VMs. For details, see the productdocumentation for McAfee® Boot Attestation Service.

Usage MeteringReport

Displays the usage of cloud accounts in number of hours per month. This data isdisplayed for six months.• Usage Start Time — Specifies starting month and year for the usage calculation.

• Account Name — Specifies the name of the cloud account.

• Sum of Total vCPU Usage Hours — Specifies the sum of CPU usage hours.

3 Queries and reportsPredefined datacenter queries


Query Definition

Endpoint ScanReport

Displays the details of the last scan of the endpoints.

To get accurate data in the Endpoint Scan Report, before running this report, selectMenu | Automation | Server Tasks and run the server task Data Center: Compute Endpoint Reports.

• Endpoint — Displays the name of the endpoint.

• IP Address— Displays the IP address of the endpoint.

• Category — Displays the group/resource pool/host of the endpoint.

• Operating System — Displays the operating system details.

• Last Scan — Displays the last on-demand scan time for an endpoint with anti-virussoftware.

Endpoint SecurityReport

Displays the protection status of the endpoints.

To get accurate data in the Endpoint Scan Report, before running this report, selectMenu | Automation | Server Tasks and run the server task Data Center: Compute Endpoint Reports.



• Virtual — Specifies whether the endpoint is a virtual system.

• VM Classification — Specifies if the VM is a part of public (Cloud Machine) or private(Virtual Machine) cloud.

• Vendor — Displays the name of the cloud service provider of the endpoint.

• Power Status — Specifies the power status of the endpoint.



• AntiVirus/Antimalware — Displays the name of the McAfee anti-virus and anti-malwaresoftware installed on the endpoint.

• Firewall — Displays the name of the McAfee software with the firewall protectionactive on the endpoint.

• Whitelisting — Specifies whether the whitelisting feature is enabled.

• Access Protection — Displays the name of the McAfee software that provides accessprotection.

• Memory Protection — Displays the name of the McAfee software that providesmemory protection.

• Last Communication — Displays the time details of the last server-clientcommunication.

Queries and reportsPredefined datacenter queries 3


Query Definition

vCenter AssetManagement Report

Displays the security status of vCenter endpoints.

This report is visible only after you install the Data Center Connector for vSphereextension.





• VM Classification — Specifies if the VM is a part of public (Cloud Machine) or private(Virtual Machine) cloud.


• Host — Displays the host IP address.

• vCenter — Displays the vCenter IP address.

• AntiVirus/Antimalware — Displays the name of the McAfee anti-virus and anti-malwaresoftware installed on the endpoint.

• Firewall — Displays the name of the McAfee software with the firewall protectionactive on the endpoint.


• Access Protection — Displays the name of the McAfee software that provides accessprotection.

• Memory Protection — Displays the name of the McAfee software that providesmemory protection.

• Last Communication — Displays the time details of the last server-clientcommunication.

Data Protection perCloud Volume

Displays the number of volumes that are encrypted and not encrypted.

Data Protection perCloud VM

Displays the number of VMs that are encrypted and not encrypted.

View default queriesRun the predefined queries to generate reports based on Data Center components.



2 Select Menu | Reporting | Queries & Reports.

3 From the Groups pane, select Data Center to display the queries for the selected group.

McAfee ePO 4.6.8 and later — Reports are grouped under Shared Groups.

McAfee ePO 5.1.1 and later — Reports are grouped under McAfee Groups.

4 From the Queries list, select a query, then click Run.

3 Queries and reportsPredefined datacenter queries


5 In the query results page, click any item in the results to drill down further.

6 Click Close when finished.

Create public cloud custom queriesYou can create custom queries that retrieve and display the details related to the Usage MeteringReport. With this wizard, you can configure which data is retrieved and displayed, and how it isdisplayed.

Before you beginYou must have administrator rights to perform this task.



2 Select Menu | Reporting | Queries & Reports, then click Actions | New to open the Query Builder wizard.

3 Select Public Cloud on the Feature Group list.

4 On the Result Type page, select Usage Metering records, then click Next.

5 Select the type of chart or table to display the primary results of the query, then click Next to openthe Columns page.

If you select Boolean Pie Chart, you must configure the criteria to include in the query.

6 Select the columns to include in the query, then click Next to open the Filter page.

If you had selected Table on the Chart page, the columns you select here are the columns of thattable. Otherwise, these are the columns that make up the query details table.

7 Select properties to narrow the search results, then click Run.

The Unsaved Query page displays the results of the query, which is actionable. You can take anyavailable actions on items in any tables or drill-down tables. Selected properties appear in thecontent pane with operators that can specify criteria to narrow the data that is returned for thatproperty.

• If the query does not return the expected results, click Edit Query to go back to the Query Builderand edit the details of this query.

• If you don’t want to save the query, click Close.

• If this is a query you want to use again, click Save and continue to the next step.

8 On the Save Query page, type a name for the query, add any notes, and select one of these options:

• New Group — Type the new group name and select whether the group is private or public.

• Existing Group — Select the group from the list of Shared Groups.

9 Click Save.

Queries and reportsCreate public cloud custom queries 3


Dashboards and monitorsDashboards, which are comprised of monitors, help you track key metrics from all Data Centerproducts.

McAfee ePO 4.6.8 and later — Dashboards are grouped under Private Dashboards.

McAfee ePO 5.1.1 and later — Reports are grouped under McAfee Dashboards.

Data Center and Public Cloud dashboardsThe Data Center and the Public Cloud dashboards are added to your McAfee ePO server when youinstall the datacenter software.

• The Data Center dashboard displays a collection of monitors based on the results of the defaultdatacenter software queries.

• The Public Cloud dashboard displays the collection of monitors for default public cloud accountqueries.

The data in these monitors on the dashboard is refreshed every 15 minutes.

The default monitors that appear under these dashboards are:

• Data Centers — Displays all registered datacenters.

3 Queries and reportsDashboards and monitors


• OS Distribution — Displays the operating system type. It shows the template value selected whilecreating the VMs. However, it might not be the actual operating system installed on the VM.

• Security Incidents (last 14 days) — Specifies events reported for these components on the VMs in the last14 days.

• Application Control

• Antivirus

• Firewall

• Memory Protection

Queries and reportsDashboards and monitors 3


• Anti-malware Status — Displays the state of the VM.

• Application Control Enabled — These VMs have McAfee Application Control installed and enabled.

• Only Anti-Virus Enabled — These VMs have a McAfee anti-virus product installed and enabled.

• Unprotected — These VMs don't have any McAfee anti-malware product enabled.

• Host Firewall Status — Displays the state of the system.

• Firewall Enabled — These VMs have McAfee Host Intrusion Prevention installed.

• Not in use — These VMs don't have McAfee Host Intrusion Prevention installed.



• File Integrity Monitoring Status — Displays the number of VMs with File Integrity Monitoring (FIM)installed and enabled.

• Enabled — File Integrity Monitoring is enabled on these VMs.

• Not enabled — File Integrity Monitoring is disabled on these VMs.

• Not installed — File Integrity Monitoring isn't installed on these VMs.

For more details about FIM, see the product documentation for McAfee Change Control.

• Data Protection per Cloud Volume — Displays the number of volumes that are encrypted and the numberof volumes that are not encrypted.



• Data protection per Cloud VM — Displays the number of VMs that are encrypted versus number of VMsthat are not encrypted.

• Encrypted — These VMs are encrypted.

• Not Encrypted — These VMs are not encrypted.

• Usage Metering Report — Displays the usage of cloud accounts by the instances, in number of hours permonth.

• Usage Start Time — Specifies starting month and year for the usage calculation.

• Account Name — Specifies the name of the cloud account.

• Sum of Total vCPU Usage Hours — Specifies the sum of CPU usage hours.



• Application Reputation — Categorizes the applications based on McAfee GTI file reputation.

• Good

• Bad

• Unclassified

This dashboard retrieves data from the McAfee Application Control extension.

For details about file reputation, see the product documentation for McAfee Application Control.

• Boot Attestation Status for Hypervisors — Displays the Boot Attestation status of vCenter hypervisors. Fordetails, see the product documentation for Boot Attestation Service.

• Endpoint Scan Report — Displays the last scan details of the endpoints.

This report is run every eight hours.





• Last Scan — Displays the last on-demand scan time for an endpoint with different anti-virussoftware.

To get accurate data in the Endpoint Scan Report, before running this report, select Menu | Automation| Server Tasks and run the server task Data Center: Compute Endpoint Reports.

• Endpoint Security Report — Displays the protection status of the endpoints.

This report is run every eight hours.





• Virtual — Specifies whether the endpoint is a virtual system.

• VM Classification — Specifies if the VM is a part of public (Cloud Machine) or private (Virtual Machine)cloud.

• Vendor — Displays the name of the cloud service provider of the endpoint.




• AntiVirus/Antimalware — Displays the name of the McAfee anti-virus and anti-malware software thatis installed on the endpoint.

• Firewall — Displays the name of the McAfee software with the firewall protection active on theendpoint.


• Access Protection — Displays the name of the McAfee software that provides access protection.

• Memory Protection — Displays the name of the McAfee software that provides memory protection.

• Last Communication — Displays the time details of the last server-client communication.

To get accurate data in the Endpoint Scan Report, before running this report, select Menu | Automation| Server Tasks and run the server task Data Center: Compute Endpoint Reports.

• vCenter Asset Management Report — Displays the security status of vCenter endpoints.

This report is visible only after you install the Data Center Connector for vSphere extension.





• VM Classification — Specifies if the VM is a part of public (Cloud Machine) or private (Virtual Machine)cloud.


• Host — Displays the host IP address.

• vCenter — Displays the vCenter IP address.

• AntiVirus/Antimalware — Displays the name of the McAfee anti-virus and anti-malware software thatis installed on the endpoint.

• Firewall — Displays the name of the McAfee software with the firewall protection active on theendpoint.


• Access Protection — Displays the name of the McAfee software that provides access protection.

• Memory Protection — Displays the name of the McAfee software that provides memory protection.

• Last Communication — Displays the time details of the last server-client communication.



Index

Aabout this guide 5access protection 43

accounts, registering 14, 20, 35, 37

AWS 14

HP 29

Microsoft Azure account 35

OpenStack 31

Rackspace 27

VMware vCenter 20

Windows Azure Pack 37

antimalware status dashboard 48

application control 43, 48

application reputation dashboard, GTI 48

AWS (Amazon Web Services)account 14

product component 7, 9AWS account

editing and deleting 17

registering 14

AWS usercreating 19

creating access key, secret access key 19

BBoot Attestation Service 43, 48

Cchange control

file integrity monitoring status 43, 48

cloud accounts 9cloud usage metering

cpu usage hours 8tagging 8total vcpu usage hours 8

components, Data Center 9connector, choosing 14, 20, 27, 29, 31, 35, 37

conventions and icons used in this guide 5

Ddashboards, datacenter

anti-malware status 48

application reputation 48

dashboards, datacenter (continued)datacenter 48

File Integrity Monitoring Status 48

Firewall Status 48

OS Distribution 48

security incidents 48

Data Center Connector for AWScomponents 7, 9install extension 12

requirements 11

Data Center Connector for Microsoft Azurecomponents 7, 9install extension 12

Microsoft Azure 9product component 9requirements 11

Windows Azure Pack 9Data Center Connector for OpenStack

components 7, 9HP 9install extension 12

OpenStack cloud (Generic) 9product component 9Rackspace 9requirements 11

Data Center Connector for vSpherecomponents 7, 9install extension 12

requirements 11

default queries, displaying 46

displayingAWS details 17

Microsoft Azure details 39

protection status 14

tags 17, 39

Windows Azure Pack details 39

documentationaudience for this guide 5product-specific, finding 6typographical conventions and icons 5


EePolicy Orchestrator

components 7, 9install extension 12

requirements 11

ESXihypervisors 9requirements 11

extensioninstalling 12

Ffile reputation 48

FIM (File Integrity Monitoring Status) 48

firewall status 48

GGTI (Global Threat Intelligence), file reputation 48

HHost Intrusion Prevention

host firewall status 43, 48

HP accountdisplaying 33


registering 29

hypervisors 20

Iinstallation

HP account, registering 29

OpenStack cloud (Generic) account, registering 31

Rackspace account, registering 27

requirements 11

MMcAfee ServicePortal, accessing 6Microsoft Azure account

about 35


registering 35

monitors, Data Center 48

OOpenStack cloud (Generic)

account 31


registering 31

operating systemrequirements 11

Pprotection status, displaying 46, 48

Qqueries, Data Center

default, viewing 46

pie charts 46

viewing default queries 46

queries, datacenterpredefined 43

queries, public cloudcreating 47

RRackspace account

displaying 33


registering 27

read-only AWS groupassigning 20

creating 19

reports, datacenter 43

anti-malware status 48

application reputation 48

File Integrity Monitoring Status 48

Firewall Status 48

OS Distribution 48

security incidents 48

requirementsother requirements 43

reports, Data Center 43

Ssecurity incidents dashboard 48

ServicePortal, finding product documentation 6status

firewall 48

trust 48

Ttags

defining 14, 20, 27, 29, 31, 35, 37

deleting 17, 22, 33, 39

displaying 22, 33

technical support, finding product information 6

VvCenter

details 22

editing and deletingaccount 22

virtual machinesboot status 20

Index


virtual machines (continued)trust status 14

virtual machines, discoveringHP 29

OpenStack cloud (Generic) 31

Rackspace 27

virtual properties, displaying 14, 20, 35, 37

VMware vCenterdetails, displaying 22

product component 7, 9VMware vCenter account

defining 20

VMware vCenter account (continued)registering 20

WWindows Azure Pack account

about 37


registering 37

Index


For use with McAfee ePolicy Orchestrator - Knowledge …€¦ · · 2015-11-25For use with McAfee...

Documents

Transcript of For use with McAfee ePolicy Orchestrator - Knowledge …€¦ · · 2015-11-25For use with McAfee...